Scammers mail out fake hardware wallets to victims of Ledger data breach
June 17, 2021. Summarized by summa-bot.
Compression ratio: 25.9%. 1 min read.
Scammers continue to target victims of last year's Ledger data leak, this time mailing them fake replacement hardware wallets.
Aside from the letter, u/jirand also received a fake manual, enclosing instructions regarding how to use the device and, crucially, asking that the user enter their private Ledger recovery phrase to connect their cryptocurrency wallet to the new hardware.
Gover highlighted a section of the back of the device showing the flash drive implant, noting that “those 4 wires piggyback the same connections for the USB port of the Ledger. ”
In an online post dated May 10 but not cited by u/jirand, Ledger had already warned customers against the fake letter and device, stating that:
"The fake user guide in the Nano's box asks the user to connect the device to a computer.
To initialize the device, the user is then asked to enter his 24 words in a fake Ledger Live application.
The original data breach had occurred in June and July 2020 and included 1,075,382 email addresses from users subscribed to the Ledger newsletter.